Developing Stripe Payment and Subscription Service for React Native App with NodeJS

Update 2022/05/12


  • Integrate DevOps with development as much as possible to avoid simple mistakes in productions (i.e deploying the wrong key). Let one developer deploy it through production and a separate DevOps / QA to check it’s implemented properly instead.
  • Must set up a recurring test and review schedule after production deployment of any code or project. Do not move on to a new project until KPIs are met for at least a week through post-production testing.
  • Contrary to solo development on a private repo, do not commit too often when working in teams. Take time to review the code for sensitive information before committing anything. Number of commits / LOC != productivity.


Identifying business needs and limits

  • Online payments need to follow PCI-DSS guideline, important key points being that payment processors must abide by strict guidelines (laid out in some 20+ pages) to protect consumer’s data privacy and security. As such, it is difficult and highly unrecommended for companies to store customer’s credit card information in their database, let alone caches in mobile apps. Well-known services that alleviate this burden are Paypal and Stripe.
  • After reviewing Paypal and Stripe, I recommended using Stripe API over Paypal because it had less commission fee and better documentation, support for developers.
  • One might expect there would be Stripe SDK for React Native (maybe there is now) — but there were no libraries that were PCI-DSS compliant. How were we supposed to use Stripe API and display the credit card payment process on React Native without breaking security compliance laws?


The backend solution

Part of the folder structure
donation.js — Take note of that red rectangle box. That later becomes the source of production screw up.

The frontend solution

Then call this _handlePressButtonAsync from Button component

The F@#!@ning

  • development was separated from DevOps
  • I am a newb to git collaboration, assumed people would read (please read me… T_T)
  • I left a Stripe test key in one of the files so that the NodeJS app would run. Should have left it empty instead to throw an error on purpose.
  • Wrote on README explaining variables needed to change before pushing to production
  • DevOps: oh, it runs -> deploy



r&d blog on architecture, software engineering and inspirations

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

r&d blog on architecture, software engineering and inspirations